/*
 * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <stdio.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>

#if USE_TBBR_DEFS
#include <tbbr_oid.h>
#else
#include <platform_oid.h>
#endif

#include "ext.h"
#include "tbbr/tbb_ext.h"
#include "tbbr/tbb_key.h"

/* TODO: get these values from the command line */
/*
 * NOTE(review): neither macro is referenced by the code visible in this file,
 * and both counter extensions below already name an option ("tfw-nvctr",
 * "ntfw-nvctr"). If some other code uses these as the counter values, a fixed
 * 0 means every certificate carries the lowest possible counter - confirm
 * where the real value comes from.
 */
#define TRUSTED_WORLD_NVCTR_VALUE	0
#define NORMAL_WORLD_NVCTR_VALUE	0

/*
 * X.509v3 extension descriptors, indexed by the *_EXT identifiers.
 *
 * Every entry gives the OID plus the short (.sn) and long (.ln) names and the
 * ASN.1 type of the extension. Three kinds of entry appear, told apart by
 * .type:
 *
 *   EXT_TYPE_NVCOUNTER  V_ASN1_INTEGER, tagged with .attr.nvctr_type.
 *   EXT_TYPE_HASH       V_ASN1_OCTET_STRING; the help text describes the
 *                       option argument as a file.
 *   EXT_TYPE_PKEY       V_ASN1_OCTET_STRING; refers to a key through
 *                       .attr.key and carries no .opt/.help_msg.
 *
 * Review notes:
 *   - "(SHA256)" in several long names is label text only; no field in this
 *     table selects a digest algorithm. If the digest is configurable
 *     elsewhere, these labels can be misleading - confirm.
 *   - .optional = 1 only marks the entry; what happens when an optional input
 *     is absent is decided by the code consuming this table (not shown here).
 *     Presumably the extension is then omitted or left empty - verify that
 *     the boot-time verifier never loads the matching image unauthenticated.
 */
static ext_t tbb_ext[] = {
	/* ---- Non-volatile counters ---- */
	[TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = TRUSTED_FW_NVCOUNTER_OID,
		.sn = "TrustedWorldNVCounter",
		.ln = "Trusted World Non-Volatile counter",
		.opt = "tfw-nvctr",
		.help_msg = "Trusted Firmware Non-Volatile counter value",
		.type = EXT_TYPE_NVCOUNTER,
		.asn1_type = V_ASN1_INTEGER,
		.attr = { .nvctr_type = NVCTR_TYPE_TFW }
	},
	[NON_TRUSTED_FW_NVCOUNTER_EXT] = {
		.oid = NON_TRUSTED_FW_NVCOUNTER_OID,
		.sn = "NormalWorldNVCounter",
		.ln = "Non-Trusted Firmware Non-Volatile counter",
		.opt = "ntfw-nvctr",
		.help_msg = "Non-Trusted Firmware Non-Volatile counter value",
		.type = EXT_TYPE_NVCOUNTER,
		.asn1_type = V_ASN1_INTEGER,
		.attr = { .nvctr_type = NVCTR_TYPE_NTFW }
	},

	/* ---- Trusted Boot Firmware and platform configuration ---- */
	[TRUSTED_BOOT_FW_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_HASH_OID,
		.sn = "TrustedBootFirmwareHash",
		.ln = "Trusted Boot Firmware hash (SHA256)",
		.opt = "tb-fw",
		.help_msg = "Trusted Boot Firmware image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING
	},
	[TRUSTED_BOOT_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_BOOT_FW_CONFIG_HASH_OID,
		.sn = "TrustedBootFirmwareConfigHash",
		.ln = "Trusted Boot Firmware Config hash",
		.opt = "tb-fw-config",
		.help_msg = "Trusted Boot Firmware Config file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},
	[HW_CONFIG_HASH_EXT] = {
		.oid = HW_CONFIG_HASH_OID,
		.sn = "HWConfigHash",
		.ln = "HW Config hash",
		.opt = "hw-config",
		.help_msg = "HW Config file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},

	/* ---- World public keys ---- */
	[TRUSTED_WORLD_PK_EXT] = {
		.oid = TRUSTED_WORLD_PK_OID,
		.sn = "TrustedWorldPublicKey",
		.ln = "Trusted World Public Key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = TRUSTED_WORLD_KEY }
	},
	[NON_TRUSTED_WORLD_PK_EXT] = {
		.oid = NON_TRUSTED_WORLD_PK_OID,
		.sn = "NonTrustedWorldPublicKey",
		.ln = "Non-Trusted World Public Key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = NON_TRUSTED_WORLD_KEY }
	},

	/* ---- SCP firmware ---- */
	[SCP_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SCP_FW_CONTENT_CERT_PK_OID,
		.sn = "SCPFirmwareContentCertPK",
		.ln = "SCP Firmware content certificate public key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = SCP_FW_CONTENT_CERT_KEY }
	},
	[SCP_FW_HASH_EXT] = {
		.oid = SCP_FW_HASH_OID,
		.sn = "SCPFirmwareHash",
		.ln = "SCP Firmware hash (SHA256)",
		.opt = "scp-fw",
		.help_msg = "SCP Firmware image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING
	},

	/* ---- SoC firmware ---- */
	[SOC_FW_CONTENT_CERT_PK_EXT] = {
		.oid = SOC_FW_CONTENT_CERT_PK_OID,
		.sn = "SoCFirmwareContentCertPK",
		.ln = "SoC Firmware content certificate public key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = SOC_FW_CONTENT_CERT_KEY }
	},
	[SOC_AP_FW_HASH_EXT] = {
		.oid = SOC_AP_FW_HASH_OID,
		.sn = "SoCAPFirmwareHash",
		.ln = "SoC AP Firmware hash (SHA256)",
		.opt = "soc-fw",
		.help_msg = "SoC AP Firmware image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING
	},
	[SOC_FW_CONFIG_HASH_EXT] = {
		.oid = SOC_FW_CONFIG_HASH_OID,
		.sn = "SocFirmwareConfigHash",
		.ln = "SoC Firmware Config hash",
		.opt = "soc-fw-config",
		.help_msg = "SoC Firmware Config file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},

	/* ---- Trusted OS firmware ---- */
	[TRUSTED_OS_FW_CONTENT_CERT_PK_EXT] = {
		.oid = TRUSTED_OS_FW_CONTENT_CERT_PK_OID,
		.sn = "TrustedOSFirmwareContentCertPK",
		.ln = "Trusted OS Firmware content certificate public key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = TRUSTED_OS_FW_CONTENT_CERT_KEY }
	},
	[TRUSTED_OS_FW_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_HASH_OID,
		.sn = "TrustedOSHash",
		.ln = "Trusted OS hash (SHA256)",
		.opt = "tos-fw",
		.help_msg = "Trusted OS image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING
	},
	[TRUSTED_OS_FW_EXTRA1_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA1_HASH_OID,
		.sn = "TrustedOSExtra1Hash",
		.ln = "Trusted OS Extra1 hash (SHA256)",
		.opt = "tos-fw-extra1",
		.help_msg = "Trusted OS Extra1 image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},
	[TRUSTED_OS_FW_EXTRA2_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_EXTRA2_HASH_OID,
		.sn = "TrustedOSExtra2Hash",
		.ln = "Trusted OS Extra2 hash (SHA256)",
		.opt = "tos-fw-extra2",
		.help_msg = "Trusted OS Extra2 image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},
	[TRUSTED_OS_FW_CONFIG_HASH_EXT] = {
		.oid = TRUSTED_OS_FW_CONFIG_HASH_OID,
		.sn = "TrustedOSFirmwareConfigHash",
		.ln = "Trusted OS Firmware Config hash",
		.opt = "tos-fw-config",
		.help_msg = "Trusted OS Firmware Config file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},

	/* ---- Non-trusted firmware ---- */
	[NON_TRUSTED_FW_CONTENT_CERT_PK_EXT] = {
		.oid = NON_TRUSTED_FW_CONTENT_CERT_PK_OID,
		.sn = "NonTrustedFirmwareContentCertPK",
		.ln = "Non-Trusted Firmware content certificate public key",
		.type = EXT_TYPE_PKEY,
		.asn1_type = V_ASN1_OCTET_STRING,
		.attr = { .key = NON_TRUSTED_FW_CONTENT_CERT_KEY }
	},
	[NON_TRUSTED_WORLD_BOOTLOADER_HASH_EXT] = {
		.oid = NON_TRUSTED_WORLD_BOOTLOADER_HASH_OID,
		.sn = "NonTrustedWorldBootloaderHash",
		.ln = "Non-Trusted World hash (SHA256)",
		.opt = "nt-fw",
		.help_msg = "Non-Trusted World Bootloader image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING
	},
	[NON_TRUSTED_FW_CONFIG_HASH_EXT] = {
		.oid = NON_TRUSTED_FW_CONFIG_HASH_OID,
		.sn = "NonTrustedOSFirmwareConfigHash",
		.ln = "Non-Trusted OS Firmware Config hash",
		.opt = "nt-fw-config",
		.help_msg = "Non Trusted OS Firmware Config file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},

	/* ---- Firmware update images (all marked optional) ---- */
	[SCP_FWU_CFG_HASH_EXT] = {
		.oid = SCP_FWU_CFG_HASH_OID,
		.sn = "SCPFWUpdateConfig",
		.ln = "SCP Firmware Update Config hash (SHA256)",
		.opt = "scp-fwu-cfg",
		.help_msg = "SCP Firmware Update Config image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},
	[AP_FWU_CFG_HASH_EXT] = {
		.oid = AP_FWU_CFG_HASH_OID,
		.sn = "APFWUpdateConfig",
		.ln = "AP Firmware Update Config hash (SHA256)",
		.opt = "ap-fwu-cfg",
		.help_msg = "AP Firmware Update Config image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	},
	[FWU_HASH_EXT] = {
		.oid = FWU_HASH_OID,
		.sn = "FWUpdaterHash",
		.ln = "Firmware Updater hash (SHA256)",
		.opt = "fwu",
		.help_msg = "Firmware Updater image file",
		.type = EXT_TYPE_HASH,
		.asn1_type = V_ASN1_OCTET_STRING,
		.optional = 1
	}
};

/*
 * Hand the table to the generic extension code. REGISTER_EXTENSIONS is
 * defined outside this file (presumably in ext.h - confirm).
 */
REGISTER_EXTENSIONS(tbb_ext);